ABSTRACT (Maximum 200 words)

A set of computer and network equipment has been purchased to support the intrusion detection research. The objective of the intrusion detection
research currently funded by AFOSR is to investigate, develop and test:

1) A process model of computer and network operation to capture computer and network activities across a full range, from individual components of a
computer and network system to the system itself, at multiple levels of abstraction;

2) Model-based intrusion detection techniques at the system level to detect coordinated actions and interactive effects of intrusion by correlating
and intrusion likelihood values from component-level intrusion detection techniques; and

3) A working prototype of an intrusion detection system to detect intrusions through the integration of the process model and intrusion detection
techniques.

To test the process model, the system-level intrusion detection techniques and the working prototype of the intrusion detection system, a set of
computer and network equipment has been purchased through this grant to construct a computer and network system that represents a typical DoD
information infrastructure involving a mix of different machines and operating environments. Specifically, the following have been purchased:

• three Sun workstations

• one Silicon Graphics workstation

• one Dec workstation

• four Micron PCs

• two Macintosh PCs.

A set of computer and network equipment has been purchased to support the intrusion detection
research. The objective of the intrusion detection research currently funded by AFOSR (grant #:
F49620-99-1-0014) is to investigate, develop and test:

1) A process model of computer and network operation to capture computer and network
activities across a full range, from individual components of a computer and network system to
the system itself, at multiple levels of abstraction;

2) Model-based intrusion detection techniques at the system level to detect coordinated
actions and interactive effects of intrusion by correlating and intrusion likelihood values
from component-level intrusion detection techniques; and

3) A working prototype of an intrusion detection system to detect intrusions through the
integration of the process model and intrusion detection techniques.

To test the process model, the system-level intrusion detection techniques and the working
prototype of the intrusion detection system, a set of computer and network equipment has been
purchased through this grant. Specifically, the following have been purchased:

• three Sun workstations

• one Silicon Graphics workstation

• one Dec workstation

• four Micron PCs

• two Macintosh PCs.

The above machines and existing equipment in the lab are used to form a computer and network
system that represents a typical DoD information infrastructure involving a mix of different
machines and operating environments. This computer and network system is shown below. The
computer and network system consists of a protected network domain and an outside network
domain which are connected through a Cisco router. Figure 1 shows the architecture of the
computer network system as well as the description, role and ID of each machine in the system.
The protected domain contains the UNIX server and clients, the Windows NT server and clients,
the UNIX security server, and the Windows NT security server. The outside domain contains
two UNIX-based workstations and three PCs.

This computer and network system has been used to test the process model, intrusion detection
techniques and the working prototype of an intrusion detection system that have been and are
being developed under the three-year AFOSR grant (grant #: F49620-99-1-0014).